Now apparently, that's not good enough, so I have to get my head around nftables.
Oh, but wait, this is OpenWrt, which has yet another layer added - fw4.
And all I wanted to do was upgrade the OS to get rid of a long-standing
and very annoying race condition that would kill the WiFi at
unpredictable moments.
Yes, I know I'm using this router in a rather different way from the
usual, but sometimes people do things like that.
Sylvia Else <sylvia@email.invalid> wrote:
> Now apparently, that's not good enough, so I have to get my head around
> nftables.
> Oh, but wait, this is OpenWrt, which has yet another layer added - fw4.
> And all I wanted to do was upgrade the OS to get rid of a long-standing
> and very annoying race condition that would kill the WiFi at
> unpredictable moments.
> Yes, I know I'm using this router in a rather different way from the
> usual, but sometimes people do things like that.
I guess it depends how different your usage is, but if you're using
OpenWrt's fw4 firewall configuration, it's supposed to accept the
same configuration syntax as fw3, so the switch to nftables
shouldn't be causing problems if you were using that
(/etc/config/firewall).
Mind you the increased bloat of current OpenWrt (or its included
software, including the Linux kernel, which have been getting
bigger with each version) has caused me problems. Including,
as it happens, issues with it killing the WiFi when it ran out of
RAM. Oh for a maintained software environment that doesn't have an
obesity problem...
I was just using iptables directly, since I know how to configure it. I need
to reverse the trust relationship, trusting wan, and not trusting lan.
In the end I've just gone through the luci stuff, replacing lan with wan
and vice versa. Now I just need to figure out the best way of blocking
access from lan to some wan subnets. Probably not difficult, though it
would help if I could find a defined syntax, rather than just examples.
Maybe I'm just looking in the wrong place.
Sylvia Else <sylvia@email.invalid> wrote:
> I was just using iptables directly, since I know how to configure it. I need
> to reverse the trust relationship, trusting wan, and not trusting lan.
> In the end I've just gone through the luci stuff, replacing lan with wan
> and vice versa. Now I just need to figure out the best way of blocking
> access from lan to some wan subnets. Probably not difficult, though it
> would help if I could find a defined syntax, rather than just examples.
> Maybe I'm just looking in the wrong place.
I've never used the LuCI Web interface, but this page has plenty of
details for editing the /etc/config/firewall file: https://openwrt.org/docs/guide-user/firewall/firewall_configuration
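
The kind of rule asked about above (reject forwarding from one zone to particular subnets in another), as an added example that is not part of the original thread. It generates `config rule` stanzas for /etc/config/firewall, which fw3 and fw4 both read; the function names, the zone names `lan`/`wan` and the documentation-range subnets are assumptions.

```shell
#!/bin/sh
# Added example: emit /etc/config/firewall "rule" stanzas that reject
# forwarding from one zone to listed IPv4 subnets reached via another zone.
# Function names, zone names and subnets are assumptions, not from the thread.

# Return 0 if $1 looks like an IPv4 CIDR (a.b.c.d/len), 1 otherwise.
is_ipv4_cidr() {
    addr=${1%/*}; len=${1##*/}
    [ "$addr" != "$1" ] || return 1              # no "/" present
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_block_rules SRC_ZONE DEST_ZONE CIDR...
# Validates every subnet first, so bad input produces no partial config.
emit_block_rules() {
    src=$1; dest=$2; shift 2
    for net in "$@"; do
        is_ipv4_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    for net in "$@"; do
        cat <<EOF
config rule
	option name 'Block-$src-to-$net'
	option src '$src'
	option dest '$dest'
	option dest_ip '$net'
	option family 'ipv4'
	option proto 'all'
	option target 'REJECT'

EOF
    done
}

# Constructed sample input: documentation-range subnets, default zone names.
emit_block_rules lan wan 192.0.2.0/24 198.51.100.0/24
```

Append the output to /etc/config/firewall and reload the firewall, passing the zone names exactly as they appear in your own config.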
> Really?
> I have to learn a THIRD way of doing firewalling?
> First it was ipchains.
> Then it was iptables.
> Now apparently, that's not good enough, so I have to get my head
> around nftables.
I think that's not the way to do things. We should not blindly follow
along software development. Remember---many of these things will fall.